'Tip Of The Iceberg' Warning On Insider Attacks

Usually when an Internet or network security-related news story breaks -- dangerous malware, hacker attacks, etc. -- you read a bunch of quotes from "experts" issuing dire warnings of more to come or offering advice on how to prevent similar threats.

Sometimes these opinions are solicited by journalists and bloggers, and sometimes the "experts" actively look to get quoted to raise their visibility. Both parties, in a way, are trying to capitalize on the "scare" story in question. It's how the information ecosystem operates, and to a certain extent many of these follow-up articles should be taken with a grain of salt.

But I don't think that's the case here:
The contracted Fannie Mae engineer indicted Tuesday by the Justice Department for allegedly planting a logic bomb represents the beginning of a trend of insider attacks responding to layoffs and job insecurity because of the weak economy, experts say.

"To me, this is the tip of the iceberg," said Mandeep Khera, chief marketing officer of security company Cenzic. "If a small percentage of these IT workers are going to the dark side, they could potentially cause a lot of damage."

Federal investigators indicted Rajendrashinh Makwana, 35, a contracted Unix engineer for mortgage finance company Fannie Mae, for allegedly embedding malicious code known as a logic bomb in the mortgage lender's computer network, which was set to detonate on Jan. 31, 2009.

Had the attack been successful, the malware could have destroyed the entirety of the data on all 4,000 of the mortgage finance company's servers and shut down the company for a week, experts say.

The malware in Fannie Mae's servers was thwarted when another engineer detected the malicious code, embedded with legitimate script.

However, experts say that in many other cases, malicious code planted from the inside might not be so easily detected, especially in smaller and midsize companies with limited IT personnel and resources.

According to the ChannelWeb article, Makwana was fired last Oct. 24 for a scripting error he made earlier that month. The error was determined by investigators not to be malicious, but Makwana's reaction to his dismissal was, they allege.

Here's the first big lesson for enterprises: Makwana was told he was fired at 2 p.m. that day, but didn't leave the building until 4:45 p.m. Even more amazing, his server access wasn't terminated until 10 o'clock that night! Who knows whether it was a simple oversight, whether someone decided they had more important priorities at the moment than to follow through on termination procedures, or whether Fannie Mae's termination procedures were lax. To me, an eight-hour gap between firing someone and cutting them off from the server is incredibly dumb -- especially when that someone has the skills to do some real damage.
 
We can speculate endlessly about whether Makwana's dismissal was justified or insensitively handled. Indeed, several commenters to the ChannelWeb article have taken the opportunity to complain about how poorly tech workers can be treated, how their anger is justified when CEOs and other fat-cats continue to siphon off money in bonuses while the global economy melts down and layoffs reach epidemic proportions. You'll never hear me argue otherwise. My point is that as the economy continues to spiral downward, enterprises have an obligation to protect themselves from retaliation damage. That means putting termination policies in place and following them. If they don't, and the result is a blown-up network, it likely could mean more jobs lost.

But don't take my word for it. Listen to the expert quoted by ChannelWeb:
"I bet there's a lot more malicious code and a lot more hidden back doors that are being exploited," Khera said. "We'll hear about some of the big ones. We won't hear about a bunch of them that will never get caught."
This is one "scare" story I believe.


1 Comments

Interesting share, thanks
